3 Data Security Fundamentals You Forgot to Remember

October 18th, 2017

Walk with me through a brief scenario:

It’s a normal day at the office. You come in at the usual time, grab a cup of coffee and your banana or yogurt from the breakroom. You exchange pleasantries with colleagues as you stroll through the cube farm to your desk. After adjusting your chair and logging on, you begin sifting through emails.

There is an email waiting for you with an attachment about this year’s recruitment plan. Maybe you are forecasting and need to understand the planned expenditures for the coming year. Or perhaps you’ve had some full-time positions open for 6 months and want to see what the plans are for filling them. Whatever the reason, it catches your eye. You don’t immediately recognize the name of the sender, but your department has been working with some consultants. Also, there’s been a little turnover lately and you might’ve skipped over a few announcements.

So you click on the email, open the attachment… and unknowingly launch a massive cyberattack that will cost your company millions and require years of recovery.

The Brutal Breach Reality

Back in 2011, a similar situation actually did occur. An employee at a large corporation opened an Excel attachment labeled “2011 Recruitment Plan,” and inadvertently enabled a cyberattack that would end up costing that company $66 million.

As evidenced, the mere click of a mouse can be enough to start a costly security breach.

Security hacks aren’t loud events where lightening cracks, the lights flicker, and alarms sound throughout the building. They are silent and stealthy, attacking in everyday ways through the most mundane tasks.

The example above happened several years ago. You can bet that hackers are savvier now. As it is, security breaches are growing in number and impact. Hackers are able to target high-value personal information more successfully. The number of breaches hitting Social Security numbers grew to 26.1% in 2017, up from 17.6% in 2016.

Get Back to the Basics

With all of the sophisticated security technology available today, there are a plethora of ways to prevent damaging breaches. That said, it’s important to remember the fundamental building blocks of secure infrastructure.

To help your businesses stay on top of its security game, don’t forget to keep these basic tenets in mind:

1. Permanently Prioritize Data Security

Consistently provide the necessary resources to keep your security systems and processes operational and up-to-date. It can be tempting to delay a system update or a security-related expenditure in favor of a seemingly more pressing need. However, systems that lack the proper updates and patches can leave a door wide open for hackers. Case in point, Equifax’s epic data breach this year could have been prevented by a patch that was available for two months, but was not implemented in a timely manner. That two-month delay compromised the data of 143 million people.

Additionally, policy implementations and reviews must be consistently prioritized. Compliance regulations and security measures change and new ones are created regularly. Although time consuming, regular policy and procedure reviews are essential to keeping your business secure, while avoiding sanctions and fines along the way.

2. Continuously Educate Employees About Data Security

Your employees likely have varying levels of knowledge about cyber security. Additionally, hackers are constantly changing their tactics. Therefore businesses are challenged to keep employees aware and informed of the latest security threats and measures to avoid them. It is essential to provide regularly scheduled education as well as reminders about fundamental best practices, including data sharing protocols and avoiding shadow IT.

3. Facilitate Data Security Best Practices

If you provide secure systems and processes, but they are clunky and unreliable, your staff will find workarounds and inadvertently put your business at risk for a breach. Make it easy for your employees to exercise best practices. This means providing ways for them to adhere to security guidelines that don’t impede their daily progress. Take file sharing as an example. During day-to-day operations, businesses move data from place to place and share information constantly. It has become second nature to all of us, so much so that we might not think to question the safety of those transactions. Businesses must provide a secure method of file sharing, such as a managed file transfer (MFT) platform. The right MFT will be painless to work with, enabling the secure, reliable exchange of data through features like built-in regulatory compliance, automation capabilities, and user-friendly administration.

Data stewardship in today’s world is complicated, to say the least. Keep the aforementioned basic standards at the core of your operations. There they can serve as helpful touchstones for your business’s data security decisions.

Is your business doing enough to safeguard your data? There is always more you can do. In this whitepaper, The Gaping Holes in Your Security, we’ll discuss possible vulnerabilities and how a multi-layer security plan can help.